Bug #20805
closedOpenID authentication broken when dl() is not available
0%
Description
The PHP OpenID library relies on the function dl() being available at runtime, to load some math extensions. This will break OpenID authentication and thus the whole TYPO3 backend when someone tries to login with an OpenID and dl() is not available.
TYPO3 should issue a warning if dl() is not available. Preferrably in the install tool, but the warning should also be displayed while doing a login. As the OpenID lib developers used @dl(...), there isn't even an error message being displayed when dl() is not available.
The error is in file ext:openid/lib/php-openid/Auth/OpenID/BigMath.php, function Auth_OpenID_detectMathLibrary()
Disable the enable_dl option in your php.ini, then try to login via OpenID. Maybe you also need to disable loading of the gmp and bcmath PHP extensions, as the function in question tries to load these.
(issue imported from #M11613)
Updated by Rupert Germann about 15 years ago
hi,
I have problems to reproduce this issue, and I'm not shure if this is an error at all.
the openID authservice checks in its init function if the needed php extensions are loaded. If not, openID authentification will be omitted and the next auth service is tried (and a log entry is made).
The function is dl is not checked here and so the function dl() should not be called at all because it is only used if the library is not yet loaded.
Updated by Andreas Wolf about 15 years ago
The problem is that if the library is not yet loaded, PHP will try to load it. But if dynamic loading of libraries is disabled (for whatever reason), this will fail, as dl() is not available then. So this definitely is a problem in certain environments, especially because it throws a fatal error which may not even be displayed to the user/admin (if display_errors is off), unlike exceptions.
Updated by Steffen Gebert about 15 years ago
Would checking the PHP.ini setting for enable_dl before calling dl() a solution?
Updated by Oliver Hader about 15 years ago
Duplicate of issue #21444 - please continue there